Cyber Security

People Still Haven’t Learned That ‘Password’ Is A Terrible Password

Based on 10 million hacked passwords in 2016, "1234," "password," and "qwerty" are the most common — again

Illustration: R. A. Di Ieso
Jan 13, 2017 at 9:36 AM ET

You’d think that with a story every other day about major data breaches, people would change their passwords, but it seems like they’re just begging to get hacked.

Keeper Security, a cybersecurity company that develops password management software, released a list of the most common passwords of 2016, as determined by more than 10 million passwords that became public through data breaches in 2016. LinkedIn, Yahoo, and Target were some of the companies that were victims of a data breach.

The top 25 most popular passwords are series of letters and numbers that have been appearing on lists since 2011. Passwords such as “12345,” “qwerty,” “google” and the extremely obvious “password” all made the list — again. “123456” is being used by an incredible 17 percent of users in the study.

Other security firms, such as Splash Data, released lists in 2015 and also found that “12345” and “password” were the most common then. Keeper, along with other firms in the past, has created its lists based on a much smaller sample — about one to two million passwords. However, Keeper decided to look further into these patterns and analyzed 10 million as part of its study.

Darren Guccione, co-founder and CEO of Keeper, told Vocativ that it was surprising how many website operators are not enforcing stricter password requirements such as lengthier passwords, mixtures of symbols, and two-step verification. However, banking websites, as well as retailers, are usually the first to recognize that they need to implement stricter password requirements.

Guccione suggests that if you have a simple password and the site doesn’t ask for “hard” login credentials, then you should take the time to create your own “uncrackable” key phrase.

To make your passwords stronger, use at least 8 characters, including at least one capital letter, a number and a symbol. The harder to remember, the better usually, but that’s where password managers, which create unique passwords and store them for you in an encrypted file, can help. It’s also important not to use the same password over and over again for different sites.

Another bad idea is to randomly strike nearby letters or numbers on a keyboard to try and generate random passwords like “1q2w3e4r” and “123qwe” — which made the list. Those passwords are still easy to crack since they get indexed by hackers as easy and common letter and number sequences. Then there’s also brute-force cracking software and hardware that can figure out those passwords in seconds.
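The two paragraphs above can be combined into one check, shown here as an added example that is not from the article or from Keeper: it applies the composition rules and then rejects the passwords named in this article and keyboard patterns, which composition rules alone do not catch. The function names are hypothetical and a US QWERTY layout is assumed.

```python
import re

# Passwords the article itself names as appearing on the 2016 list.
NAMED_IN_ARTICLE = {"1234", "12345", "123456", "password", "qwerty",
                    "google", "1q2w3e4r", "123qwe"}

# Keyboard rows plus the number-row/top-row zigzag (US QWERTY assumed),
# in both directions.
_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1q2w3e4r5t6y7u8i9o0p"]
_ROWS += [r[::-1] for r in _ROWS]


def is_keyboard_walk(pw, min_run=3):
    """True if pw splits greedily into runs of >= min_run keys along a row."""
    s, i = pw.lower(), 0
    while i < len(s):
        # Longest run starting at position i that lies along some row.
        best = max((n for n in range(min_run, len(s) - i + 1)
                    if any(s[i:i + n] in r for r in _ROWS)), default=0)
        if best == 0:
            return False
        i += best
    return len(s) >= min_run


def check_password(pw):
    """Return the reasons pw is weak; an empty list means none were found."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"\d", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    # Drop leading/trailing digits and symbols so "Password1!" maps to "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    if pw.lower() in NAMED_IN_ARTICLE or core in NAMED_IN_ARTICLE:
        problems.append("common password")
    if is_keyboard_walk(pw) or is_keyboard_walk(core):
        problems.append("keyboard pattern")
    return problems
```

“Password1!” and “Qwerty123!” satisfy every composition rule yet are still flagged, which is why a site enforcing only length and character classes still admits list passwords with a suffix attached.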

One thing to keep in mind, though: changing your password often or making it impossible to crack doesn’t mean that you’re not at risk; it’s just a safety measure that makes it more likely that you’ll avoid becoming a victim of a cyber threat.